[Samba] samba, sssd, Active Directory, NT_STATUS_NO_LOGON_SERVERS, NT_STATUS_ACCESS_DENIED
Data Control Systems - Mike Elkevizth
mike at datacontrolsystems.com
Mon Apr 24 03:15:49 UTC 2017
What exactly are you trying to accomplish? Based on the smb.conf that you
posted, it looks like you only want to be able to authenticate using the
active directory server (i.e. I don't see any shares). If you are only
authenticating to an M$ AD server, sssd is all that you need. Samba
doesn't even need to be installed on your machine.
I think Rowland's recommendation of asking on the sssd list (or switching
to winbind) is your best bet.
Hope that helps.
Mike E.
On Apr 23, 2017 6:00 PM, "Bob Tanner via samba" <samba at lists.samba.org>
wrote:
> Now go and ask your question on the sssd-users mailing list, this
> has nothing to do with Samba.
Thank you for the response.
Why do you say this has nothing to do with samba?
The samba logs indicate the problem is with samba.
The sssd logs show everything working except for samba.
I changed my smb.conf to default setting and setting that should not be
there (as explained in your previous email) but that did not resolve
anything.
When max debug on for sssd I do not see samba even using sssd for
authentication information.
Maybe a permissions problem on the AD DC? Although I can auth via ssh?
[2017/04/23 16:38:33.202569, 0]
../source3/auth/auth_domain.c:121(connect_to_domain_password_server)
connect_to_domain_password_server: unable to open the domain client session
to machine DC-1.CORP.CELADONSYSTEMS.COM. Error was :
NT_STATUS_ACCESS_DENIED.
Can you recommend web links on confirming permissions are appropriate on
the AD DC?
Maybe switching back to winbind is the right choice? Setting up sssd is
just a lot easier.
--
Bob Tanner <tanner at real-time.com> | Phone :
952-943-8700
http://www.real-time.com, Linux, OSX, VMware, Windows | Fax :
952-943-8500
Key fingerprint = 9906 320A 8BB6 64AD 96A7 7785 CBFB 10BF 568B F98C
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list